2FA suggestion - helping ArenaNet help us help ourselves — Guild Wars 2 Forums

2FA suggestion - helping ArenaNet help us help ourselves

This post started as a search for info on response times, but I see their customer service queue is overloaded at the moment. My Authenticator app seems to have lost my GW2 authenticator key (the Google key is still showing up fine), but that means I have no way to approve new networks for GW2 access. So I'm VPNing to my home network while travelling in order to play: it's a bit slow, but at least it works.

However, I see on looking at my previous ticket that it's not the first time I've had Authenticator lose the GW2/ANet token, and a manual reset seems to be a highly inefficient way to deal with such a problem. I can't only use SMS, because sometimes I'm travelling overseas and can't get SMS messages, but it would be really good to be able to set up BOTH app-based AND SMS two-factor authentication. That way if one failed, the affected user has a way to reset the other one themselves, rather than waiting for manual assistance from ANet customer support.

Is there any chance that could be added in future? Lots of organisations support multi-channel 2FA (for example, I can authenticate my Apple account using SMS or any one of a set of authorised devices, or even a recovery key that I keep in hard copy in a secure location); likewise, Google lets me use the Authenticator app or SMS or they'll call me on my registered land-line - any one of those is sufficient. Is it possible for ANet to consider allowing us redundancy as well as security? Given how many of the ticket requests seem to be related to account access, cutting out a whole bunch of "I can't get in" messages would surely be a quick return on investment.

Comments

  • Leablo.2651Leablo.2651 Member ✭✭✭

    I would suggest that the simplest solution is to use an app that doesn't lose your keys.

  • Healix.5819Healix.5819 Member ✭✭✭✭

    @raaahbin.7405 said:
    or even a recovery key that I keep in hard copy in a secure location

    You could have done that. Simply save the key you're given when creating the authenticator, which can be used to recreate it as many times as you want.

  • @Leablo.2651 said:
    I would suggest that the simplest solution is to use an app that doesn't lose your keys.

    I use the one ANet suggest (i.e. Google's app). It only seems to be the ANet token that it's lost, not Google's... but perhaps it was both, and the Google token was so easily restored that I forgot even doing it (because Google's system is resilient and doesn't have a single point of failure).

  • @Healix.5819 said:

    @raaahbin.7405 said:
    or even a recovery key that I keep in hard copy in a secure location

    You could have done that. Simply save the key you're given when creating the authenticator, which can be used to recreate it as many times as you want.

    Have you tried doing that? I thought the point of the setup key for the authenticator was that it was single use - as soon as you activate the authenticator, the only thing that will verify you is the single-use key generated by the authenticator, not the original setup key.

    But, if you say that setup key should work to restore the authenticator, I might give that a try this time... if I decide it's even worth the risk of turning 2FA back on. It looks like I'll be back home by the time my ticket floats to the top of the pile, so I'm inclined just to leave 2FA off until they build in some measure of resilience. It shouldn't be hard to allow users to activate both SMS and Authenticator 2FA, but it's hard to know what decisions have been made on the back end.

  • Healix.5819Healix.5819 Member ✭✭✭✭

    @raaahbin.7405 said:
    Have you tried doing that? I thought the point of the setup key for the authenticator was that it was single use - as soon as you activate the authenticator, the only thing that will verify you is the single-use key generated by the authenticator, not the original setup key.

    Yes, it works. Authenticators are basically just an equation of your key multiplied by time = the code you enter to login. As long as you have a copy of that original key, you can recreate it whenever you want and can have it on as many devices as you want.

©2010–2018 ArenaNet, LLC. All rights reserved. Guild Wars, Guild Wars 2, Heart of Thorns, Guild Wars 2: Path of Fire, ArenaNet, NCSOFT, the Interlocking NC Logo, and all associated logos and designs are trademarks or registered trademarks of NCSOFT Corporation. All other trademarks are the property of their respective owners.